<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Shoplist  extends CustomSecurity { 

	var $db1;
	function Shoplist($db){
		$db1=$db; 
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $id, $product_id, $kolichestvo, $selected, $user_id
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($product_id){ 

		escape_string($product_id);

		$statement = "INSERT INTO shoplist (product_id, user_id) VALUES ('$product_id', '".$_SESSION['user_id']."');";
		$results   = mysql_query($statement);

		if($results){
			return 1;
		}else{
			return -1;
		}

	}//End add()


	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function remove($primaryKeyValue){ 

		escape_string($primaryKeyValue);

		$statement = "DELETE FROM shoplist WHERE id = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()
	
	
	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function removeAll(){ 


		$statement = "DELETE FROM shoplist WHERE user_id=".$_SESSION['user_id'];
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($primaryKeyValue, $columnNameToUpdate, $columnValue){ 

		escape_string($primaryKeyValue);
		escape_string($columnNameToUpdate);
		escape_string($columnValue);

		$statement = "UPDATE shoplist SET $columnNameToUpdate = '$columnValue' WHERE id = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT s.id, genProduct, brand, s.kolichestvo FROM shoplist s INNER JOIN products p ON p.id = s.product_id WHERE user_id=".$_SESSION['user_id'];
		$results   = mysql_query($statement);
		
		$tokens[0] = 'id';
		$tokens[1] = 'genProduct';
		$tokens[2] = 'brand';
		$tokens[3] = 'kolichestvo';
		
		return transformResults($results, $tokens);

	}//End getAll()


	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyName, $primaryKeyValue){ 

		escape_string($primaryKeyName);
		escape_string($primaryKeyValue);

		$statement = "SELECT id, product_id, kolichestvo, selected, user_id FROM Shoplist WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
		$results   = mysql_query($statement);
		
		$tokens[0] = 'id';
		$tokens[1] = 'product_id';
		$tokens[2] = 'kolichestvo';
		$tokens[3] = 'selected';
		$tokens[4] = 'user_id';
		
		return transformResults($results, $tokens);

	}//End getObject()
	
	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getName($id){ 

		escape_string($id);

		$statement = "SELECT s.id FROM shoplist s INNER JOIN products p ON p.id = s.product_id WHERE user_id=".$_SESSION['user_id']." AND p.id=".$id;
		$results   = mysql_query($statement);
		
		
		$tokens[0] = 'id';
		
		return transformResults($results, $tokens);

	}//End getObject()
	


}//End Class Shoplist
?>